Methods, apparatuses and systems facilitating seamless, virtual integration of online membership models and services

ABSTRACT

Methods, apparatuses and systems facilitating integration of the functionality associated with a first on-line service entity with the functionality associated with a second on-line service entity. Embodiments of the present invention allow a first on-line service entity having its own membership model to efficiently collaborate with a second on-line service entity to offer its users the services of the second on-line service entity in a seamless and consistently branded manner. One implementation obviates the need for synchronization of the membership models between the first and second on-line service entities. One implementation allows the second on-line service entity to provide services to the users associated with the first on-line service entity in a seamless manner without the first on-line service entity having to proxy the session between the second on-line service entity and the users.

CROSS-REFERENCE TO RELATED APPLICATION

[0001] The present application claims priority from U.S. provisionalpatent application Ser. No. 60/447,224 filed Feb. 13, 2003 and entitled“Methods, Apparatuses and Systems Facilitating Seamless, VirtualIntegration of Online Membership Models and Services.”

FIELD OF THE INVENTION

[0002] The present invention relates to computer networks and, moreparticularly, to methods, apparatuses and systems facilitating theintegration of services offered by a first on-line service entity withthe services offered by a second on-line service entity. In oneembodiment, the present invention facilitates the integration ofnetwork-based credit data retrieval and reporting systems with thirdparty web sites and other network-based functionality.

BACKGROUND OF THE INVENTION

[0003] Providers of on-line or network-based services typically supportuser accounts into which users log to persist user account data, such asuser names, passwords, addresses, payment information, preferences, etc.Such providers typically maintain their own proprietary, uniquemembership model including what types of membership data is maintained.When two separate on-line service providers desire to collaborate toextend the services or other functionality offered by one serviceprovider with the services or functionality offered by the secondservice provider, the prior art methodology typically requires the twoorganizations to either 1) expend a large effort to bi-directionallysynchronize the information associated with each organization'smembership model and user account data, and/or 2) have one serviceentity proxy the session between the second service entity and the user.For technical and sometimes other reasons, such exchanges of data arenot desirable. Moreover, for legal or other reasons, it is desirableand/or mandated by law or otherwise, that the data exchanged between auser and a first on-line service provider not flow through a secondon-line service provider acting essentially as a proxy. Thisrequirement, however, presents certain technical challenges whencollaborating on-line service providers desire that their respectiveusers experience a consistently branded service.

[0004] In light of the foregoing, a need in the art exists for methods,apparatuses and systems that facilitate collaboration between on-lineservice entities. A need in the art further exists for methods,apparatuses and system facilitating the integration of services offeredby a first on-line service entity into the services provided by a secondon-line service entity. A need further exists for methods, apparatusesand systems that allow for seamless, virtual integration of on-lineservice functionality without having one on-line service entity actingas a proxy for a second on-line service entity. Embodiments of thepresent invention substantially fulfill these needs.

SUMMARY OF THE INVENTION

[0005] The present invention provides methods, apparatuses and systemsfacilitating integration of the functionality associated with a firston-line service entity with the functionality associated with a secondon-line service entity. Embodiments of the present invention allow afirst on-line service entity having its own membership model toefficiently collaborate with a second on-line service entity to offerits users the services of the second on-line service entity in aseamless and consistently branded manner. Moreover, embodiments of thepresent invention obviate the need for synchronization of the membershipmodels between the first and second on-line service entities. Inaddition, embodiments of the present invention allow the second on-lineservice entity to provide services to the users associated with thefirst on-line service entity in a seamless manner without the firston-line service entity having to proxy the session between the secondon-line service entity and the users. This approach, for example, allowsone on-line service entity to leverage its existing membership modelwith the offerings of a second on-line service entity, such as anon-line credit report service, without having to transmit any sensitivecredit or other user information between the entities.

DESCRIPTION OF THE DRAWINGS

[0006]FIG. 1 is a functional block diagram illustrating a computernetwork environment including the functionality associated with a firstembodiment of the present invention.

[0007]FIG. 2 is a flow chart diagram illustrating a method, according toan implementation of the present invention, directed to generatingsession identifiers in response to requests from third-party web sites.

[0008]FIG. 3 is a flow chart diagram providing a method, according toone implementation of the present invention, directed to interactingwith users who have been redirected to a server or cluster or serversthat issued session identifiers.

DESCRIPTION OF PREFERRED EMBODIMENT(S) I. Overview of OperatingEnvironment

[0009] As FIG. 1 provides, an embodiment of the present inventionoperates in a computer network environment comprising at least onecredit reporting bureau 20, credit scoring engine 25, third-party website 30, credit data retrieval system 50, and at least one clientcomputer 60 associated with one or more individual users. Computernetwork 90 can be any suitable computer network, including the Internetor any wide area network. In one embodiment, users access credit dataretrieval system 50 over computer network 90 with a network accessdevice, such as client computer 60 including suitable client software,such as a web browser, for transmitting requests and receiving responsesover a computer network. However, suitable network access devicesinclude desktop computers, laptop computers, Personal Digital Assistants(PDAs), and any other wireless or wireline device capable of exchangingdata over computer network 90 and providing a user interface displayingdata received over computer network 90. In one embodiment, the presentinvention operates in connection with an HTML compliant browser, such asthe Microsoft Internet Explorer® or Netscape Navigator® browsers.

[0010] In one embodiment, credit data retrieval system 50 comprisesWeb/HTTP server 52, application server 54, database server 56 and webservices network gateway 55. Web/HTTP server 52 is operative toestablish HTTP or other connections with client computers 60 (or othernetwork access devices) to receive requests for files or other data overcomputer network 90 and transmit responses in return, as discussedherein. In one embodiment, Web/HTTP server 52, or at least the HTTPserver functionality that operates in connection with third-party website 30, is operative to establish privileged sessions; that is,Web/HTTP server 52 only generates sessions and creates session IDsindirectly for users only in connection with partner third-party websites 30 after authentication (such as verification or validation of adigital signature of third-party web site 30) (see below). Users, atclient computers 60 require a valid session ID (obtained from or inconnection with third-party web site 30, as discussed below) to accessWeb/HTTP server 52 and, therefore, the functionality of credit dataretrieval system 50. Accordingly, this configuration allows usersassociated with third-party web site 30 to reinitiate a session onlythrough third-party web site 30. In one embodiment, credit dataretrieval system 50 further includes an additional Web/HTTP server (notshown), including an IP address different from Web/HTTP server 52, thatoperates in a conventional manner to process requests and responses fordirect users (i.e., users not associated with third-party web site 30)of credit data retrieval system 50.

[0011] Otherwise, Web/HTTP server 52, in one embodiment, incorporatesconventional HTTP server and connection state management functionality.In one embodiment, Web/HTTP server 52 passes user requests toapplication server 54 which composes a response and transmits it to theuser via web server 52. In one embodiment, web server 52 establishes asecure connection to transmit data to users and other sites, using theSSL (“Secure Sockets Layer”) encryption protocol part of the HTTP(S)(“Secure HTTP”) protocol, or any other similar protocol for transmittingconfidential or private information over an open computer network.Database server 56 stores the content and other data associated withoperation of credit data retrieval system 50. Application server 54, inone embodiment, includes the functionality handling the overall processflows, described herein, associated with credit data retrieval system50. Application server 54, in one embodiment, accesses database server56 for data (e.g., HTML page content, etc.) to generate responses touser requests and transmit them to web server 52 for ultimatetransmission to the requesting user. As one skilled in the art willrecognize, the distribution of functionality set forth above among webserver 52, database server 56 and application server 54 is not requiredby any constraint. The functionality described herein may be included ina single logical server or module or distributed in separate modules. Inaddition, the functionality described herein may reside on a singlephysical server or across multiple physical servers. In addition,although one web server 52 is depicted in FIG. 1, multiple web serversmay be used in connection with session clustering to store session stateinformation in a central database for use by the multiple web servers,and to provide for failover support.

[0012] In one embodiment, third-party web site 30 comprises web server32, application server 34 and database server 36. Web server 32 receivesrequests for files or other data over computer network 40 and passesthem to application server 34. In one embodiment, web server 32transmits data to users and other sites using the HTTP and relatedprotocols, or any other similar protocol for transmitting data over acomputer network. In one embodiment, database server 36 stores contentand other data relating to the operation of the third-party web site 30.Application server 34, according to one embodiment, accesses databaseserver 36 and generates pages or other files that web server 32transmits over computer network 90 to the intended recipient. Asdiscussed more fully below, third-party web site 30 offers its users theability to obtain credit report information by advertising theseservices on the web pages, such as its home page, it serves to users.Users who opt for such services click on links or otherwise communicatea request to order the services, thereby triggering the methodology andprotocols discussed below.

[0013] Credit scoring engine 25, in one embodiment, is a web-basedapplication service operative to compute a credit score given a set ofcredit data. Credit scoring engine 25 is operative to receive creditreport data relating to an individual or other entity and process thedata against a proprietary or other credit scoring model to yield acredit score. Suitable credit scoring models including a FICO® creditscoring model, CreditXpert®, TransRisk®, or any other suitable creditscoring model. In one embodiment, credit scoring engine 25 is astand-alone web-based application remote from credit data retrievalsystem 50 and/or credit reporting bureau 20. In other embodiments, thefunctionality of credit scoring engine 25, however, is integrated intoother components associated with computer network 90. For example,credit scoring engine 25 may be incorporated as an internally executedapplication (such as CreditXpert) within credit data retrieval system50, or within credit reporting bureau 20.

[0014] Credit reporting bureau 20 maintains a database or otherrepository of credit history data for at least one individual or otherentity, such as the credit reporting services offered by TransUnion®,Equifax®, and Experian®. Credit reporting bureau(s) 20 offer web-basedcredit reporting application services. In one embodiment, at least onecredit reporting bureau 20 is operative to access credit scoring engine25 in response to a request from credit data retrieval system 50; insuch an embodiment, the credit reporting bureau 20 transmits the creditreporting data associated with the individual to credit scoring engine25 and receives a credit score in return. The credit reporting bureau 20then returns the credit score with the credit report data to credit dataretrieval system 50. In one embodiment, credit data retrieval system 50formulates an XML request and transmits it to credit reporting bureau 20to retrieve credit report data. In one embodiment, the XML requestformat includes a flag or other indication of whether a credit score isalso desired. Credit reporting bureau 20 responds to the asynchronous orsynchronous request by transmitting an XML response including creditreport data corresponding to the individual identified in the XMLrequest. In one embodiment, credit data retrieval system 50 operates inconnection with one credit reporting bureau, such as TransUnion,Equifax, or Experian; however, in other embodiments, credit dataretrieval system 50 obtains credit report data for a particularindividual from at least two credit reporting bureaus 20 and merges thedata into a single report. Co-pending and commonly owned applicationSer. No. 09/644,139 filed Aug. 22, 2000 in the name of Guy et al. andentitled “Credit and Financial Information and Management System”discloses methods and systems that obtain credit report data frommultiple sources and merge such data into a single report (incorporatedby reference herein).

[0015] As discussed above, credit data retrieval system 50 furtherincludes network services gateway 55 which implements web servicesnetwork functionality to process and route service requests andresponses over a computer network. In one embodiment, network servicesgateway 55 implements a communications model based on requests andresponses. Network services gateway 55 generates and transmits a servicerequest to an external vendor, such as credit reporting bureau 20 and/orcredit scoring engine 25, which receives the request, executesoperations on data associated with the request, and returns a response.Network services gateway 55, in one embodiment, further includes otherweb services functionality such as logging of service requests andresponses allowing for tracking of costs and usage of services. Networkservices gateway 55, in one embodiment, relies on secure HTTPcommunications and XML technologies for request and response formats. Inone embodiment, network services gateway 55 maintains Document TypeDefinitions (DTDs) and/or XML Schema Definitions (XSDs) that define theformat of the XML request and XML response. Request and response XSDs,in one form, include a message type, transaction identification,vendor/service identification, and an application identification.

[0016] As one skilled in the art will recognize various embodiments arepossible. For example, the credit retrieval functionality of system 50may be incorporated into the functionality of credit reporting bureau20. In addition, the functionality of credit scoring engine 25 may beincorporated into credit reporting bureau 20.

II. Operation

[0017] A. New Orders for Credit Reports

[0018]FIG. 1 further illustrates the overall message and process flowassociated with an embodiment of the present invention. In addition,FIGS. 2 and 3 illustrate methods performed, in one implementation, bycredit report retrieval system 50. As FIG. 1 illustrates, a user atclient computer 60 accesses third-party web site 30 by inputting the URLor IP address of web site 30 into the location bar of the browser orother client-side application resident on client computer 60 (Ref. No.1). As discussed above, third-party web site 30 offers credit reportingservices to the user by adding appropriate links and content to at leastsome of the web pages it serves. In one embodiment, third-party web site30 presents an order page to the user requiring the user to enterpersonal information sufficient to identify the user for purposes ofpulling a credit report and also requires the user to enter paymentinformation, such as a credit card account number and expiration date.Third-party web site 30, in one embodiment, processes the paymenttransaction using the user-supplied information in a conventional or anysuitable manner.

[0019] In one embodiment, if the payment transaction is authorized,third party web site 30 then transmits a receipt page to the userseeking confirmation of the order. When the user confirms the order by,for example, clicking on an “accept” button or other interface control,third-party web site 30 then composes and transmits a request for asession ID from credit data retrieval system 50 (Ref. No. 2). In oneembodiment, the request includes a unique userid, co-brand id,transaction information, the user's social security number (SSN), firstname, last name, address, and email. In one embodiment, the request isformatted as an XML request. In one embodiment, the request is digitallysigned with the private key of the third-party web site 30 and encryptedwith the public key corresponding to credit data retrieval system 50.

[0020] In one embodiment, third-party web site 30 then posts thisrequest to credit data retrieval system 50, which receives the request(FIG. 1, 102) operates on the request to generate a session ID andreturn it in a response to third-party web site 30 (Ref No. 3). In oneembodiment, the functionality associated with the credit data retrievalsystem 50 that generates session IDs is presented as a web-basedapplication service accessible to third-party web site 30 via SimpleObject Access Protocol (SOAP) based protocols and technologies. In oneembodiment, credit data retrieval system 50 verifies the digitalsignature associated with the session ID request (104), decrypts thedata using its private key (106), and initiates processing of therequest. Credit data retrieval system 50, in one implementation, usesthe state management functionality of web/HTTP server 52 to generate asession for the end user identified in the request (108) and returns asession ID to third-party web site 30 (Ref. No. 3) (110). Credit dataretrieval system 50 also stores the user's personally identifyinginformation in association with the session ID for later use (112).

[0021] After receipt of the session ID, third-party web site 30 sets thesession ID on the browser executed on client computer 60 in the form ofa cookie and redirects the end user's browser to the credit dataretrieval system to begin the authentication/fulfillment process (Ref.No. 4). In one embodiment, third-party web site 30 uses HTML frames toallow the user's experience to be branded with the third-party web siteidentifiers. For example, third-party web site 30 may use a title (top)frame, a left (navigation) frame and a main/body frame including themajority of the content. According to this embodiment, the redirectionmessage (e.g., an HTML page including a meta refresh tag pointing to theURL of credit data retrieval system 50) is transmitted to the browserwithin the context of a main/body frame. Other embodiments are possible.For example, the use of HTML frames is only one preferred embodiment.The redirection message can also be transmitted within the context of anew or pop-up browser window, or within the context of a new HTML pagetransmitted to the same browser window.

[0022] The redirection message and process flow can take a variety offorms. As discussed above, the redirection message may comprise an HTMLpage including a meta refresh tag and the URL or IP address associatedwith the credit data retrieval system 50. In another embodiment, theHTML page may include JavaScript in the HTML page that, when executedwithin the context of the user's browser, is operative to generate anHTTP GET request to credit data retrieval system 50. In anotherembodiment, third-party web site 30, rather than directly interactingwith credit data retrieval system 50 to obtain a session ID, transmitsan HTML page including an operative, such as Javascript code or a linkembedded in the HTML page, to cause the browser on client computer 60 togenerate an HTTP POST request to credit data retrieval system 50including a request for a session identifier that, in oneimplementation, includes the user information discussed above, and isdigitally signed by third-party web site 30, encrypted, and encoded in ahidden field. Credit data retrieval system 50, as discussed above,verifies the digital signature and decrypts the user information dataand generates a session ID and returns it directly to the user'sbrowser.

[0023] When the browser processes the redirection message and transmitsthe request to credit data retrieval system 50, web/HTTP server 52receives the request (FIG. 3, 202) and looks up the session ID containedin the cookie included in the request header against a session statedatabase as with other conventional HTTP requests (204). Assuming thesession ID is valid, credit retrieval system 50 then initiates theauthentication and reporting functionality and interacts directly withthe user at client computer 60 (Ref. No. 5) for the remainder of thesession. In one embodiment, credit retrieval system 50 first presents atleast one agreement associated with a credit reporting bureau to theuser and prompts the user for acceptance or rejection of the agreement(206). If the user accepts the agreement, credit data retrieval system50 accesses credit reporting bureau 20 for a credit report correspondingto the user, using the personally identifying information originallyobtained from third-party web site 30 (208). In one embodiment, creditdata retrieval system 50 authenticates the user by prompting him/her forinformation contained in the credit report and matching the user'sresponse against the credit report data (210). As one skilled in the artwill recognize, any suitable authentication protocol can be used. Forexample, the authentication protocols disclosed in U.S. Pat. No.6,263,447, incorporated by reference herein, can be incorporated intoembodiments of the present invention.

[0024] Assuming the user is authenticated, credit data retrieval system50 then transmits an HTML page including the credit report to the user(214). As discussed above, in one embodiment, credit data retrievalsystem 50 includes an order for a credit score and displays the resultsto the user, as well. As one skilled in the art will recognize, variousprocess flows can be implemented for delivering credit reportfunctionality to users. For example, the user may be provided a combinedcredit report as described in U.S. application Ser. No. 09/644,139,incorporated by reference herein. In one embodiment, after or before theuser views the credit report, credit data retrieval system 50establishes a user account and password (in one embodiment, provided bythe user) and stores the retrieved credit report (for subsequentviewing) in association with the user account (212). In one embodiment,credit data retrieval system 50 uses the userid supplied by third-partyweb site 30 as the user account identifier. In one embodiment, the useraccount is also tagged with the co-brand id corresponding to third-partyweb site 30. After the session is terminated (216), credit dataretrieval system 50 redirects the user's browser to third-party web site30 (218). To gain subsequent access to credit reporting data, the usermust access third-party web site 30 to initiate another session withcredit data retrieval system 50, as described below.

[0025] B. Viewing an Existing Credit Report

[0026] The functionality described herein, in one embodiment, alsoallows the user to gain subsequent and continued access to his or heruser account through the context of third-party web site 30. In oneembodiment, the user logs into or otherwise accesses third party website 30 and elects to view an existing credit report stored in a useraccount, as discussed above. Third party web site 30 formulates arequest for a session ID, including a userid, transaction information(such as “view existing order”) and co-brand id, as discussed above.Credit data retrieval system 50 verifies the digital signature, decryptsthe request, and generates a session ID and transmits it to third partyweb site 30. Credit data retrieval system 50 also stores the userid andother transaction information in association with the session ID forlater use. When the user is redirected to credit data retrieval system50, it prompts the user for a user name and password. In one embodiment,credit data retrieval system 50 uses the userid supplied by third-partyweb site 30 to identify the user. If the user inputs a valid user nameand password, credit data retrieval system 50 displays the creditreport, if any, associated with the user account. Once logged in, theuser has the option of ordering other services and/or ordering a newcredit report.

[0027] Although the present invention has been described relative tospecific embodiments, it is not so limited. For example, although theembodiments discussed above allow for the integration of a credit dataretrieval system with a third-party web site, the present invention hasapplication to a wide variety of on-line services. In addition, manymodifications and variations of the embodiments described above willbecome apparent. For example, although the embodiments described aboveemployed HTML, HTTP(S) and XML protocols and technologies, the presentinvention can use any suitable communications and data exchangetechnologies and protocols. Furthermore, other changes in the details,steps and arrangement of various elements may be made by those ofordinary skill in the art without departing from the scope of thepresent invention. Accordingly, the present invention has been describedwith reference to specific embodiments. Other embodiments of the presentinvention will be apparent to one of ordinary skill in the art. It is,therefore, intended that the claims set forth below not be limited tothe embodiments described herein.

What is claimed is:
 1. An apparatus facilitating integration of separateonline services, comprising a session state module operative to generatesession identifiers in response to requests for a session identifier;maintain session state information in association with the sessionidentifiers, wherein the session state information comprises a useridentifier; a server module operative to receive requests for sessionidentifiers from a third-party site, wherein the third-party requestsinclude user identifiers; authenticate the requests for sessionidentifiers; access the session state module to obtain sessionidentifiers for authenticated requests; transmit the session identifiersto the third-party site in response to the requests for sessionidentifiers; receive requests from users, wherein the requests includesession identifiers transmitted to the third-party sites; and controlaccess to resources available to the users by validating the sessionidentifiers in the requests from users against the session stateinformation maintained by the session state module.
 2. The apparatus ofclaim 1 further comprising an application module operative to provide anapplication service to at least one user; and wherein the server moduleis operative to control access to the application module.
 3. Theapparatus of claim 1 wherein the requests for session identifiersinclude a digital signatures created with an encryption key associatedwith the third-party site; and wherein the server module is operative toauthenticate the requests for session identifiers by validating thedigital signature.
 4. The apparatus of claim 1 wherein the requests fora session identifier are encrypted; and wherein the server module isfurther operative to decrypt the requests for a session identifier. 5.The apparatus of claim 4 wherein the requests for a session identifierare encrypted; and wherein the server module is further operative todecrypt the requests for a session identifier if the digital signatureof the third-party web site is valid.
 6. The apparatus of claim 1wherein the requests for a session identifier further comprise athird-party site identifier, and wherein the state informationmaintained by state management module further comprises the third-partysite identifier.
 7. The apparatus of claim 1 wherein the requests for asession identifier are transmitted directly by the third-party site. 8.The apparatus of claim 1 wherein the requests for a session identifierare transmitted indirectly via a host system corresponding to a user ofthe third-party site.
 9. The apparatus of claim 8 wherein the requestsfor session identifiers include a digital signatures created with anencryption key associated with the third-party site; and wherein theserver module is operative to authenticate the requests for sessionidentifiers by validating the digital signature.
 10. The apparatus ofclaim 8 wherein the requests for a session identifier are encrypted; andwherein the server module is further operative to decrypt the requestsfor a session identifier.
 11. The apparatus of claim 9 wherein therequests for a session identifier are encrypted; and wherein the servermodule is further operative to decrypt the requests for a sessionidentifier if the digital signature of the third-party web site isvalid.
 12. A method facilitating integration of separate onlineservices, comprising receiving, at a server, a request for a sessionidentifier from a third-party site, wherein the request includes a useridentifier and a third-party site identifier; validating the request fora session identifier; if the request for a session identifier is valid,creating a session and a session identifier in a session state database;and returning the session identifier to the third-party web site. 13.The method of claim 12 wherein the session is represented in a datastructure stored on a computer readable medium, and wherein theinformation associated with the session includes the user identifier andthe session identifier.
 14. The method of claim 12 wherein the requestfor a session identifier includes a digital signature created with anencryption key associated with the third-party web site; and wherein thevalidating step comprises validating the digital signature.
 15. Themethod of claim 12 wherein the request for a session identifier isencrypted; and wherein the method further comprises decrypting therequest for a session identifier.
 16. The method of claim 14 wherein therequest for a session identifier is encrypted; and wherein the methodfurther comprises decrypting the request for a session identifier if thedigital signature of the third-party web site is valid.
 17. The methodof claim 12 further comprising receiving a request from a host systemcorresponding to a user, the request including the session identifierreturned to the third-party web site; verifying the session identifieragainst the session information maintained in the session statedatabase; allowing the user access to functionality available throughthe server, if the session identifier is valid.
 18. The method of claim17 wherein the allowing step comprises creating a user accountcorresponding to the user, wherein the user account is tagged with thethird party site identifier.
 19. A system facilitating integration ofseparate on-line services over a network, comprising a first on-linesystem, operatively connected to a network, and comprising at least oneserver operative to initiate sessions and generate session identifiersonly in response to requests transmitted by authenticated on-lineservice systems; and interact with host systems corresponding to usersthat transmit messages including the session identifiers provided to theauthenticated on-line service systems; at least a second on-line systemcomprising a server operative to interact over a network with hostsystems corresponding to users; initiate, on behalf of at least oneuser, sessions with the first on-line system by transmitting a requestto the first on-line system and receiving a session identifier inresponse; transmit to the host system corresponding to the at least oneuser, the session identifier received from the first on-line system in aredirection message, wherein the redirection message is operative tocause the host system corresponding to the at least one user to transmita message, including the received session identifier, to the firston-line system.
 20. The system of claim 19 wherein the redirectionmessage comprises a HTML page including a meta refresh tag and the URLor network address corresponding to the first on-line system.
 21. Thesystem of claim 19 wherein the redirection message comprises a pageincluding a script, when executed by the host system corresponding tothe user, causes the host system to transmit a message, including thereceived session identifier, to the first on-line system.
 22. The systemof claim 19 wherein the redirection message is transmitted within thecontext of a frame of a web page.
 23. The system of claim 22 wherein theweb page comprises at least one additional frame including brandinginformation associated with the second on-line system.